Cyber 101

Forensic Focus - October 2016

Many of our readers will be totally up to speed with all things technical, including having a solid grasp of cyber-security and cyber-crime.

However, for many of us... maybe not so much! Here is a nice plain English explanation* of some of the commonly used cyber-crime terms to help you navigate the murky world of cyber-crime!

Advanced persistent threat: An attack in which an actor uses sophisticated tech and tactics to gain access to a network, often staying undetected for a lengthy period of time. In this sort of an attack, the actor is often a nation-state. Attacks of this kind are used to pilfer information or to lie in wait for future mischief.

Authentication: A process, such as a login and password combination, used to identify a user, process, or device prior to granting access to a system. Strong authentication is a verification process using several elements or stages, such as digital certifications and phone numbers in addition to a login and password.

Bot: In the context of cyber-security, a bot (also known as a zombie) is an Internet-connected computer that has been compromised by malicious code in order to use the computer for something other than what was intended. Bots work together in something called a "botnet," a network of compromised computers that is frequently used by hackers to send messages such as spam or malicious code without it being traceable.

Brute force attack: The attempt to gain access to a network using repeated guesses at passwords or Data Encryption Standard keys.

Darknet: A hidden neighborhood of the Internet, only accessible using non-standard protocols—most famously the Tor browser. The darknet is a marketplace for illegal substances and arms, stolen data, and software used for hacking. It is also a meeting place for, among others, criminals and terrorists. Sites on the darknet are not indexed and do not appear on search engines. Hidden web real estate can be (and is) used for good as well, such as protecting dissidents in repressive regimes.

Distributed denial-of-service (DDoS) attack: Distributed denial-of-service is the easiest, and therefore most common, type of black hat hacking attack. The attackers use multiple hosts to send requests to a target site at such a rate that it crashes.

Encryption: The process of converting plaintext to ciphertext by an encryption algorithm. In other words, the plain message you wish to send—whether it is text or a sound file, a video, or something else—is encoded so that it is only understood by the sender and its intended recipient. Encryption is available through software, but most computer systems are already set up to encrypt all of your data.

Hacking: Hacking is most often thought of as the action of gaining unauthorized access to information, devices, and networks. More accurately, black hat hackers do so to damage, steal, or commit other mischief. White hat hacking is devoted to unearthing vulnerabilities, often ones that the hackers believe a company or organization knows of but has not repaired.

Malware: Short for "malicious software," malware is any program or file embedded into a system to run an unauthorized process for the purposes of capturing information, sabotaging the system, holding it for ransom, or other negative actions.

Man-in-the-middle (MitM) attack: A type of attack in which the actor intercepts, alters, or eavesdrops on data as it travels between the sender and recipient. An example of this is intercepting messages through an unencrypted Wi-Fi connection.

Phishing: A social engineering hack in which the actor attempts to trick a target into delivering access to the target’s system. An example of this would be a spoofed email message, which appears to come from a legitimate IP address belonging to a bank or major Internet site. The email requests the target enter their login and password or financial information. Spear phishing is the same type of approach, but with information targeting a specific individual or organization.

Spoofing: Sending an email disguised to look like it is coming from someplace besides its actual origin. The IP address may be changed, the email address may mimic a known domain, and the email formatting may imitate the design attached to a well-known company or site.

Virus/worm/Trojan: A virus is a self-replicating computer program, designed to be slipped into a computer in order to copy, delete, change, damage, or lock data. A virus frequently uses the infected computer to spread itself to other targets. A worm is similar, but it does not alter files; rather, it stays in active memory and replicates itself. A Trojan or Trojan horse is a virus that appears to have a useful function and uses that shell of legitimacy to avoid security measures.

You may have heard of the ‘Deep Web’, one of the films featured under the ‘Cyber-crime’ theme.

Director Alex Winter (star of Bill & Ted’s Excellent Adventure) explores the murky world of online black marketplace Silk Road, established to evade the scrutiny of authorities and provide a secure means of purchasing illegal drugs. The film follows the trial of alleged Silk Road operator Ross Ulbricht and delves into subject matter including bitcoin and the politics of the dark web, interviewing leading authorities on the digital frontier.

If you would like to discuss anything relating to cyber-crime or cyber-security in the context of your business, please contact Ian Tuke.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.